sunhux
asked on
Risks of using R (Ruby?) & Python
What are the risks associated with installing the above on a PC/laptop for doing data analysis?
Are the following mitigating measures valid?
a) Apply regular patches for R & Python to fix vulnerabilities: as they're open source, are the patches released quite timely/regularly? I tend to think open source is lacking in this area.
b) If patches are not applied regularly, can we isolate the PCs such that they have no Internet access & no email clients to mitigate? I tend to think most breaches result from Internet, email activities & infected USB devices.
c) Is it common that emails contain malicious Python attachments?
d) Where can we subscribe to vulnerability news/updates for these 2 pieces of software?
e) Python and Ruby are dynamic platforms (freeware); we have to tighten the web application security if they are being used for web applications. Python has flexible features that make it particularly useful for hacking?
Can we harden these & where to obtain such a hardening guide?
ASKER
Are there known Python vulnerabilities that have no known patches or took more than 3 months for patches to be released upon the vulnerability being publicized?
https://www.cvedetails.com/vulnerability-list/vendor_id-10210/product_id-18230/Python-Python.html
Are malicious python scripts attached to emails prevalent?